I made some updates to the Certificate Verification Service to make it more general:
- Added the validation of client certificates (instead of only server certs)
- Respect the javax.net.ssl.* properties (which allow overriding the system's default keystore)
- Replaced the requirement to supply a destination port number for TrustManagers or SSLContexts with simply supplying the message why the validation failed. (Displaying the port number to the user rarely makes sense, and there are situations where no port is involved, e.g. when validating a client certificate received via MIKEY.)
- Method to inject a certificate to trust. Although not yet implemented in any GUI, this could be used to manually add a trusted certificate to Jitsi's truststore (jssecacerts).
The patch also includes the changes to the protocols using the CertificateValidationService.
certificateVerificationUpdate.patch (23.9 KB)